Chapter 1: Security & Risk Management Flashcards
Define Confidentiality
The principle that objects are not disclosed to unauthorized subjects.
Define Integrity
The principle that objects retain their veracity and are intentionally modified only by authorized subjects.
Define Availability
The principle that authorized subjects are granted timely and uninterrupted access to objects.
What are AAA Services?
Identification, Authentication, Authorization, Auditing, and Accountability.
Identification is the process by which…
A subject professes an identity, and Accountability is initiated.
Authentication is the process of…
Verifying or testing that a claimed identity is valid.
The process of Authorization ensures…
That the requested activity or object access is possible given the rights and privileges assigned to the authenticated identity.
Auditing is the means by which…
Subjects are held accountable for their actions (while authenticated on a system).
CISSP stands for…
Certified Information Systems Security Professional
Non-repudiation ensures that…
The subject of an activity or event cannot deny the event occurred or their role in the event.
Security Governance is…
The collection of practices related to supporting, defining, and directing the security efforts of an organization.
What are the 3 types of plans in Security Management?
Strategic, Tactical, and Operational
What are the Primary Security Roles?
Senior Manager, Security Professional, Asset Owner, Custodian, User, and Auditor.